The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue.

97% of SSL web servers are likely to be vulnerable to POODLE. Like the Heartbleed vulnerability, POODLE is an information-disclosure bug rather than a code-injection bug: it leaves encrypted data open to snooping. It relies on web servers and browsers that still allow the old SSL version 3 protocol to secure their communications. SSL has been superseded by Transport Layer Security, but SSLv3 is still widely supported on both servers and clients, and is still required for compatibility with Internet Explorer 6. SSLv3, unlike TLS 1.0 or newer, omits validation of certain pieces of data (the CBC padding) that accompany each message. Attackers can use this weakness to decipher the encrypted data one byte at a time, and therefore extract the plaintext of the message byte by byte.

Nmap

Your servers are vulnerable simply if they support SSLv3. Several options here:

nmap -p 443 --script ssl-enum-ciphers (Target URL)

Acunetix

Online Checker

If you see a poodle below, then your browser supports SSLv3 via block ciphers, and you may be vulnerable. If you see a Springfield Terrier below, your browser doesn’t support SSLv3, or only supports SSLv3 using stream ciphers.
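The two checks above come down to the same question: is SSLv3 offered at all, and if so, with block (CBC) ciphers or only with stream ciphers? The following shell function, added here as an example and not part of the original post, applies that test to the output of the ssl-enum-ciphers script; the report it parses is a constructed sample, not a real scan.

```shell
#!/bin/sh
# Added example, not from the original post: classify the SSLv3 section of an
# `nmap -p 443 --script ssl-enum-ciphers <host>` report for POODLE exposure.
# A server is exposed when SSLv3 is offered with a CBC (block) cipher; SSLv3
# with only stream ciphers (RC4) is not exploitable by POODLE.

# Constructed sample of ssl-enum-ciphers output (abbreviated, not a real scan).
SAMPLE='PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: C'

# poodle_verdict reads a report on stdin and prints one word:
#   VULNERABLE     - SSLv3 offered with at least one CBC cipher
#   RC4_ONLY       - SSLv3 offered, but only stream ciphers
#   NOT_VULNERABLE - SSLv3 not offered at all
poodle_verdict() {
  # Keep only the lines between the "SSLv3:" header and the next protocol header.
  sslv3=$(awk '/^[|] +SSLv3:/ {f=1; next} /^[|] +(TLSv1|SSLv2)/ {f=0} f')
  if [ -z "$sslv3" ]; then
    echo NOT_VULNERABLE
  elif printf '%s\n' "$sslv3" | grep -q '_CBC_'; then
    echo VULNERABLE
  else
    echo RC4_ONLY
  fi
}

# Run against the constructed sample; a real check would pipe nmap's output in.
printf '%s\n' "$SAMPLE" | poodle_verdict   # prints VULNERABLE
```

Against a live host, replace the sample with `nmap -p 443 --script ssl-enum-ciphers Target | poodle_verdict`; the script name and the report layout are those of the stock Nmap script.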

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan single hosts and large networks.

Zenmap is the official Nmap Security Scanner GUI that aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users.

Nmap is a very powerful utility that can be used to:

Detect the live host on the network (host discovery)

Detect the open ports on the host (port discovery or enumeration)

Detect the software and its version on the respective port (service discovery)

Detect the operating system, hardware address, and the software version

Detect the vulnerability and security holes (Nmap scripts)

It is available as both a command line interface and a graphical user interface. Once the exe or ZIP file is downloaded from http://nmap.org/download.html, the installer offers the option to install Nmap with the GUI or as the command line interface only.

Simply deselect the GUI if you want the command line interface, which is recommended because you then write the commands yourself.

If you are a beginner, the GUI is a great place to start, as it helps a lot with writing the desired commands for you: you can simply select what you wish it to do.

Once the command line version is downloaded and installed, open up Cmd and navigate to the Nmap installation folder. This is where all the commands will then be carried out.

Nmap Help

nmap --help

Lists all the possible options, grouped under the following headings:

TARGET SPECIFICATION

HOST DISCOVERY

SCAN TECHNIQUES

PORT SPECIFICATION AND SCAN ORDER

SERVICE/VERSION DETECTION

SCRIPT SCAN

OS DETECTION

TIMING AND PERFORMANCE

FIREWALL/IDS EVASION AND SPOOFING

OUTPUT

MISC

EXAMPLES

Export to File

--help is just an example; the output redirection can be used for any scan.

nmap --help > C:\nmap.txt

Scan a single target, given as a hostname/URL or an IP address.

nmap Target

Results will outline the following:

Scan a number of specific ports

nmap -p80,21,23 Target

Multiple targets (here combined with OS detection, -O)

nmap -O Target1 Target2

Enable OS and version detection, script scanning, and traceroute; -T4 for faster execution

nmap -A -T4 Target

Find if host/network is protected by a firewall

nmap -sA Target

Scan a host that is protected by a firewall (skip the host discovery ping; -PN is the older spelling of -Pn)

nmap -PN Target

Scan a range of IP addresses using a wildcard

nmap 192.168.1.*

Entire subnet

nmap 192.168.1.0/24

Exclude hosts from a scan

nmap 192.168.1.0/24 --exclude 192.168.1.5

nmap 192.168.1.0/24 --exclude 192.168.1.5,192.168.1.254

Some Examples of Scans

-sS (TCP SYN scan)

Also called half-open scanning, because this technique lets Nmap get information from the remote host without completing the TCP handshake. Nmap sends SYN packets to the destination but never completes a session, so the target application never sees an established connection and typically does not log the interaction; this is the main advantage of the TCP SYN scan.

nmap -sS Target

-sT (TCP connect scan)

This is the default TCP scan type when SYN scan is not an option.

Instead of writing raw packets as most other scan types do, Nmap asks the underlying operating system to establish a connection with the target machine and port by issuing the connect system call. Rather than read raw packet responses off the wire, Nmap uses this API to obtain status information on each connection attempt.

nmap -sT Target

-sU (UDP scans)

Sends a UDP packet to every targeted port; a service that answers with a UDP packet proves the port is open. Common UDP ports include 53 (DNS) and 161 (SNMP). Options to speed up UDP scans include scanning more hosts in parallel, doing a quick scan of just the popular ports first, scanning from behind the firewall, and using --host-timeout to skip slow hosts.

nmap -sU Target

-sY (SCTP INIT scan)

SCTP is an alternative to the TCP and UDP protocols, combining most characteristics of TCP and UDP and adding new features such as multi-homing and multi-streaming.

nmap -sY Target

-sA (TCP ACK scan)

Used to map out firewall rulesets, determining whether they are stateful or not and which ports are filtered.

nmap -sA Target

-sO (IP protocol scan)

Allows you to determine which IP protocols (TCP, ICMP, IGMP, etc.) are supported by target machines.

nmap -sO Target

Zenmap GUI Interface

Zenmap allows interactive creation of Nmap command lines using a point-and-click approach.

Running a scan is as simple as typing the target in the “Target” field, selecting the “Intense scan” profile, and clicking the “Scan” button.

Once the Target and the Profile are selected, the Command text area shows the Nmap command that is about to be run. This command can also be copied out and used in the Nmap command line interface.

It is also possible to use the profile editor as an Nmap command editor. Select “New Profile or Command” from the “Profile” menu or use the Ctrl+P keyboard shortcut. The profile editor will appear, displaying whatever command was shown in the main window.

Within the Scripting tab it is possible to scroll the list on the left to see all the scripts installed in script.db. Scripts can be selected or deselected individually by clicking the check-box next to the script name.

To save the profile, first go to the “Profile” tab and give the profile a name, then click “Save Changes” to save the new profile.

The newly created Profile will then be saved and can then be selected as a scan option in future.

Conclusion

Nmap is a must-have tool for network security experts. It supports many advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. It can scan huge networks containing hundreds of thousands of machines and, most importantly, it is available in both the traditional command line and graphical (GUI) versions.